Cyber fraudsters eye Twitter ‘newcomers’
Seek submission of documents and related details
In a new development, cyber fraudsters are now targeting newly verified profiles on Twitter. Within minutes of getting verified, the user receives a message from the ‘support team’, seeking submission of documents and related details. They threaten that the user might lose the verified badge if they don’t submit details.
The message either says ‘your verification badge has been reviewed, the account is termed as spam by our Twitter team’, or ‘the blue badge is being given illegally and the user must re-register to confirm that it was received legally’. It asks users to ‘appeal’ this decision using an online form by clicking a link in the message or by sharing documents and user data, warning that those who did not oblige would see their blue badge getting ‘deleted’.
The string of messages on Twitter DM comes after a number of verified users on the platform.
“The messages come from accounts claiming to be Twitter support and ask users to click on a link in the message to fill in a form to reapply for a “blue badge” of verification on the site. These might include malicious attachments or links to spam or phishing websites. Twitter is not known for sending emails or messages with attachments as the verification is done before the user receives a badge,” pointed out Harsha Chaitanya, an expert in cyber security.
Officials from cybercrime said that online fraudsters are targeting users across all social media platforms.
“Often the links and documents that are shared are used to swindle money and hack the account. We advise the public to carefully consider before clicking any link they are sent, unsolicited, by an organisation. We encourage people to look for poor spellings or grammatical errors or a sense of urgency in the messaging to try to encourage a rash decision,” said the officials.
When asked by a user on the platform, Twitter responded that it never asks for a user’s password when contacting someone. “We’ve heard some accounts are posing as Twitter employees, sending DMs and emails. If we contact you, we’ll never ask for your password and our emails will be sent from @twitter.com or @e.twitter.com only.” (sic).